OPNsense Forum

English Forums => General Discussion => Topic started by: headbanger on October 17, 2024, 02:44:35 PM

Title: Question on DNS Queries
Post by: headbanger on October 17, 2024, 02:44:35 PM
I am trying to direct all DNS queries to the provider of my choice and I want to use DOT from opnsense to go there.  I know the issues with DOH and that I can't completely block it, that is not my question.  My question is that when looking at the log I see entries going to 9.9.9.9:53 and 8.8.4.4:53 only on the wan interface with a description "let out everything from the firewall host itself (forece gw)".  From this I gather that opnsense is doing queries on its own, not coming from any interface and it chose to use these DNS providers.  Am I correct?  If not can someone explain what this means?  If I am correct then where are the settings to tell opnsense which DNS provider I want to use?
Title: Re: Question on DNS Queries
Post by: viragomann on October 17, 2024, 03:36:43 PM
Quote from: headbanger on October 17, 2024, 02:44:35 PM
From this I gather that opnsense is doing queries on its own, not coming from any interface and it chose to use these DNS providers.  Am I correct?
Maybe. The requests can also come from inside, but you haven't enabled logging.

If it's from OPNsense, check System: Settings: General.
Have you stated these servers here?
Or is "Allow DNS server list to be overridden by DHCP/PPP on WAN" checked? If so, they can be set by the ISP.
Title: Re: Question on DNS Queries
Post by: headbanger on October 17, 2024, 11:30:39 PM
Thanks for your help.  The entries were coming from my iot interface.  Apparently some iot devices use these DNS servers.  I put in a NAT port forward rule to redirect all port 53 requests to local host.  That then routes them through the DOT server I selected.  I now see the port 853 requests logging on wan.

To answer your two questions, there are no DNS servers in system->settings->general but I did have "Allow DNS server list to be overridden by DHCP/PPP on WAN" checked.  I unchecked it.

Thanks again for your help, this is a great forum and opnsense is a great product.
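
The thread's finding, that port 53 entries seen only on the WAN side were actually caused by clients on an internal interface, can be checked by correlating WAN outbound entries with internal inbound entries. The following is an added example, not part of the original posts and not OPNsense code. The record layout, the interface names, the firewall WAN address and the DoT resolver address (a documentation-range placeholder) are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict

WAN = "wan"
FIREWALL_WAN_IP = "203.0.113.10"  # assumption: firewall WAN address (documentation range)
DOT_RESOLVER = "192.0.2.53"       # placeholder for the chosen DoT provider
DNS_PORTS = (53, 853)

# Constructed, simplified records: (iface, direction, src, dst, dport).
# This is not OPNsense's real log format.
SAMPLE_LOG = [
    ("iot", "in",  "10.0.30.21",    "9.9.9.9",    53),
    ("wan", "out", FIREWALL_WAN_IP, "9.9.9.9",    53),
    ("iot", "in",  "10.0.30.22",    "8.8.4.4",    53),
    ("wan", "out", FIREWALL_WAN_IP, "8.8.4.4",    53),
    ("wan", "out", FIREWALL_WAN_IP, DOT_RESOLVER, 853),
    ("wan", "out", FIREWALL_WAN_IP, "1.1.1.1",    53),
]

def attribute_dns(records):
    """Attribute each WAN-side DNS flow to the internal clients behind it."""
    # After outbound NAT the WAN entry carries the firewall's address, so the
    # real client is only visible in the entry on the internal interface.
    internal = defaultdict(set)
    for iface, direction, src, dst, dport in records:
        if iface != WAN and direction == "in" and dport in DNS_PORTS:
            internal[(dst, dport)].add(f"{iface}:{src}")

    findings = []
    for iface, direction, src, dst, dport in records:
        if iface != WAN or direction != "out" or dport not in DNS_PORTS:
            continue
        # No matching internal entry: the firewall host generated the query,
        # or the internal rule that passed it is not being logged.
        origins = sorted(internal.get((dst, dport), [])) or ["firewall itself"]
        if dport == 853 and dst == DOT_RESOLVER:
            verdict = "expected DoT"
        elif dport == 53:
            verdict = "plaintext DNS leaving WAN"
        else:
            verdict = "DoT to unexpected resolver"
        findings.append({"dst": dst, "dport": dport,
                         "origins": origins, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for finding in attribute_dns(SAMPLE_LOG):
        print(finding)
```

The match is on destination and port only; a real check would also bound it by timestamp.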